AS Numbers and Certificates¶

In this user guide, we explain how to request an AS number and AS certificate. They are necessary for connecting an Anapaya appliance to the SCION network.

AS Number¶

Every participant in a SCION network needs their own SCION AS number. Refer to ISD-and-AS-numbering for more details on the numbering scheme.

Currently, Anapaya is the only organization assigning SCION AS numbers for the productive SCION networks. For specific ISDs, other organizations are assigning SCION AS numbers on behalf of Anapaya.

Note

The entire 4-byte BGP AS numbering space is reserved for organizations that own the respective BGP AS number. Thus, if your organization already has a BGP AS number assigned by an official BGP numbering authority, it can claim the same SCION AS number.

Request AS Number for public ISDs and SSHN participants¶

Reach out to the Anapaya CSE team to request a SCION AS number from Anapaya. Your request should include

Your organization details,
Your technical contacts responsible for SCION,
The Isolation Domains you want to connect to.

Note

Once assigned, the AS number and your organization will be added to the Autonomous Systems list.

Request AS Number for SSFN participants¶

SIX issues SCION AS numbers for participants in SSFN. Follow the instructions on the SIX SSFN website on how to apply for a SSFN certificate and reach out to SIX. In the process, when required to fill in AS Number, leave the field empty and SIX will assign an AS number.

Request AS Number for SEPN participants¶

The SEPN Association issues SCION AS numbers for participants in SEPN. Follow the instructions on the SEPN website on how to apply for a SEPN certificate and reach out to the SEPN Association.

Request AS Number for SSUN participants¶

Axpo Systems issues SCION AS numbers for participants in SSUN. Please reach out to info.ssun@axpo-systems.com to gather information on joining SSUN and requesting a SCION AS number.

AS Certificate¶

A SCION AS needs a SCION AS certificate for every isolation domain it should be part of. Requesting an initial AS certificate is a manual process which is described below. Once the AS certificate is uploaded to the Anapaya appliance, SCION connectivity to the rest of the network can be established. AS certificate renewals are then automated and are performed by the appliance every few days.

Create Certificate Signing Request¶

As a first step, the Certificate Signing Request (CSR) needs to be created. Refer to Generating a Certificate Signing Request for details on how to use the appliance API for this. Make sure you include the relevant subject details.

Note

When creating a CSR for a SCION AS in the SSFN, make sure the values match with the contract values agreed upon with SIX.

Request the AS Certificate¶

In case the CSR was created for a public isolation domain, send the CSR to the Anapaya CSE team.
In case the CSR was created for the SSFN, send the CSR to the SSFN certificate team at SIX.

Install the AS Certificate¶

Once you receive the AS certificate from the issuing party, you need to install it in the Anapaya appliance. Refer to Installing AS Certificates for the necessary commands.